For certain components, passwords must be stored so that they are available to the components when the system needs to connect to a resource such as a database or an event source. In this case, the password is first encrypted to avoid unauthorized access to the clear-text password.
Even if the password is encrypted, you must ensure that access to the stored password data is protected in order to avoid password exposure. For example, you can set permissions to ensure that files with sensitive data are not readable by other users.
Database credentials are stored in the Installation_Directory/config/server.xml file.
<class>esecurity.base.ccs.comp.dataobject.ConnectionManager</class>
<property name="username">appuser</property>
<property name="password">7fA+ogBMeK7cRbJ+S6xJ/InLBUi+sRVGK5qYycDxfIqGDHVX9FApWg==</property>
The following is an example of database credentials in the configuration.xml file:
<strategy active="yes" id="jms" location="com.esecurity.common.communication.strategy.jmsstrategy.activemq.ActiveMQStrategyFactory" name="ActiveMQ">
  <jms brokerURL="ssl://localhost:61616?wireFormat.maxInactivityDuration=0&amp;jms.copyMessageOnSend=false"
       interceptors="compression"
       keystore="../config/.activemqclientkeystore.jks"
       keystorePassword="password"
       password="ebccfebf4ec3dac874494b992a91a3c9"
       username="system"/>
</strategy>
The following database tables store passwords or certificates in encrypted format. You must limit access to these tables.
EVT_SRC: column: ect_src_config column data
evt_src_collector: column: evt_src_collector_props
evt_src_grp: column: evt_src_default_config
md_config: column: data
integrator_config: column: integrator_properties
md_view_config: column: view_data
esec_content: column: content_context, content_hash
esec_content_grp_content: column: content_hash
sentinel_plugin: column: content_pkg, file_hash
Sentinel Log Manager stores both configuration data and event data in the following locations:
Table 2-2 Locations for Configuration Data and Event Data